informa
1 min read
article

CISA, DOE Warn of Attacks on Uninterruptible Power Supply (UPS) Devices

Take UPS management interfaces off the Internet "immediately," agencies say.

Threat actors are hacking Internet-connected uninterruptible power supply (UPS) devices, typically via default username and password combinations, the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Energy (DoE) warned this week in a joint alert.

The federal agencies recommend immediately removing UPS devices from the public Internet and ensuring that their management interface is behind a VPN or other security controls if it's accessible via the Internet.

Change any factory-default passwords and employ multifactor authentication and strong passwords, CISA and DOE recommended in their alert.